Vulnerability Description
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated users to obtain sensitive information by reading the error messages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Image Registry And Delivery Service \(Glance\) | 2012.1 |
| Canonical | Ubuntu Linux | 11.10 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-0209.htmlVendor Advisory
- http://secunia.com/advisories/51957Vendor Advisory
- http://secunia.com/advisories/51990Vendor Advisory
- http://ubuntu.com/usn/usn-1710-1Patch
- http://www.openwall.com/lists/oss-security/2013/01/29/10
- https://bugs.launchpad.net/glance/+bug/1098962
- https://bugzilla.redhat.com/show_bug.cgi?id=902964Patch
- https://github.com/openstack/glance/commit/37d4d96bf88c2bf3e7e9511b5e321cf4bed36
- https://github.com/openstack/glance/commit/96a470be64adcef97f235ca96ed3c59ed954a
- https://github.com/openstack/glance/commit/e96273112b5b5da58d970796b7cfce04c5030
- https://launchpad.net/glance/+milestone/2012.2.3
- https://lists.launchpad.net/openstack/msg20517.html
- http://rhn.redhat.com/errata/RHSA-2013-0209.htmlVendor Advisory
- http://secunia.com/advisories/51957Vendor Advisory
- http://secunia.com/advisories/51990Vendor Advisory
FAQ
What is CVE-2013-0212?
CVE-2013-0212 is a vulnerability with a CVSS score of 4.0 (MEDIUM). store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) before 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when th...
How severe is CVE-2013-0212?
CVE-2013-0212 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-0212?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Image Registry And Delivery Service \(Glance\), Canonical Ubuntu Linux.